MS-DEFCON 3: Ready or not, it’s time to update
<![if !vml]><![endif]>By Susan Bradley
It’s not exactly an all-clear.
Normally, this is the time in the update cycle when I give an all-clear. It’s when most, if not all, of the side effects of patches have been identified.
This month, unfortunately, there are still issues. However, that doesn’t mean I don’t want you to install updates. Even though there are documented problems with network printing after the October updates, they are not widespread.
Many system administrators report that printing problems most often occur when the operating system of the server hosting the print server is older — and possibly unpatched — while the workstations are newer platforms that are patched. Therefore, after installing the updates in your peer-to-peer network, make testing printing your first step. If you can print, leave the updates installed and pat yourself on the back — you survived October.
If you are impacted by the October updates and do have printing issues, consider your situation carefully before you uninstall and block updates. There are several vulnerabilities included in the October updates, one of which, CVE-2021-40449, has been used in targeted malware attacks to elevate privileges on a system. My ongoing philosophy is that when the risk of being unpatched is higher than the risk of applying a patch, it’s time to install updates. I also don’t want to go a month without installing an update unless the reasons for doing so are very clear.
I’ve installed the October updates at my home and office, including a collection of Ricoh network printers as well as stand-alone Brother, HP, Lexmark, and Canon printers (black-and- white as well as color printers). I’ve had no issues printing after installing the October updates, whether at home or office. I have mixtures of server operating systems including Server 2019, Server 2016, and Server 2012 R2 as well as Windows 10, plus a Windows 7 system under extended security patches. In short, just because you read in the headlines that we’re seeing printing issues doesn’t mean that you will have issues.
For those of you in a home setting, install updates now and immediately test for printing issues. My best guess is that you’ll be fine, with no problems. As mentioned above, everything is good at my house.
In my own home, I have Windows 10 printing to black-and-white Brother HL-L5200DW and HP LaserJet Pro P1102W printers, plus an HP MFP M277c6 color printer. None of them suffered from the October updates.
I’m sorry to say that business users must not be so sanguine — you are more likely to experience problems. If you do, there are several options. The first (which I’d rather you not do) is to uninstall the updates and block them (pause updates) until next month. The second is to install one of the preview updates that Microsoft will be releasing soon, especially if you are having issues deploying printers using Internet Printing Protocol. Microsoft has already released KB5006744 for Windows 10 1809, which includes a fix for:
Addresses a known issue that might prevent the successful installation of printers using the Internet Printing Protocol (IPP).
On the PatchManagement.org listserv, Matthew reported that his Windows Server 2019 print server was dead in the water from the October 12, 2021, update (KB5006672). He created a case with Microsoft and, after trying numerous registry keys and settings, still couldn’t print. The Microsoft support personnel then asked him to install the October 19, 2021, preview update (KB5006744), which fixed his network printing.
Others reported that the October updates specifically broke printers that had been added as \\computername\share. Fewer issues were seen on printers installed using IPP or WSD. Dymo label printers, in particular, are typically set up as shared printers and may be impacted by this update.
Another possible solution is as follows:
<![if !supportLists]>1. <![endif]>Uninstall the problem printer.
<![if !supportLists]>2. <![endif]>Install it as a local printer on the client computer, choosing one of the LPT ports (e.g., LPT2) and selecting „keep current driver.“
<![if !supportLists]>3. <![endif]>Launch the Windows command line (cmd). Be sure to do so using the current user’s rights, not administrative rights.
<![if !supportLists]>4. <![endif]>Make a mapping of LPT2: to the corresponding shared printer, using a command such as the following:
NET USE LPT2: \\ Insert SharedComputerName \ InsertSharedPrinterName / PERSISTENT: YES
This month, there’s no clear resolution. You may have no issues at all with the October updates. You may have issues printing. If you are required to patch, and you end up having issues printing, I’d urge you to install the preview updates that I’ll be listing in the Master Patch List. If that doesn’t work, ensure that you understand the risks involved in not being patched this month.
Bottom line: Install the updates, see whether you can print. If you can, pat yourself on the back. If you can’t, prepare yourself for a bit of testing and hassle.
Join the conversation! Your questions, comments, and feedback about this topic are always welcome in the AskWoody Lounge!
Susan Bradley is the publisher of the AskWoody newsletters.
Publisher: AskWoody Tech LLC (firstname.lastname@example.org); editor: Will Fastie (email@example.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.
<![if !supportLists]>· <![endif]>Subscription help: firstname.lastname@example.org
Copyright © 2021 AskWoody Tech LLC. All rights reserved.